Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

osTicket Session Fixation Vulnerability (CVE-2022-31888)

Description

Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.

Remediation

References

Related Vulnerabilities

WordPress Plugin SupportCandy Arbitrary File Upload (2.0.0)

WordPress Plugin YITH WooCommerce Order Tracking Security Bypass (1.2.10)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3549)

MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-19709)

ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4673)

Severity

High

Classification

CVE-2022-31888 CWE-384 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities